buildlog
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill mandates the execution of shell commands (
echo) to write log entries to~/.buildlog/agent-feed.jsonl. This is a standard mechanism for its intended purpose but represents active command-line usage triggered by the agent. - [DATA_EXFILTRATION] (LOW): The skill captures the exact, raw user prompt text. If a user includes API keys, passwords, or sensitive PII in their request, that data is stored in cleartext in a local file. The skill's stated purpose is to facilitate sharing these logs on
buildlog.ai, creating a potential path for sensitive data exposure if the logs are not reviewed before upload. - [PROMPT_INJECTION] (LOW): The instructions use strong imperative language ('MANDATORY', 'MUST', 'DO NOT SKIP') to enforce logging behavior. While assertive, these instructions are focused on the skill's utility rather than attempting to bypass the agent's safety filters or core identity.
Audit Metadata